Edit tour

Linux Analysis Report
sync.superh.elf

Overview

General Information

Sample name:sync.superh.elf
Analysis ID:1641103
MD5:1e6bc2b8d3808eb2c2964a63c3193672
SHA1:22b882d00bf3a4cd40e5d13c3a2df13b925faf8d
SHA256:84d718d39fa59f21e4d8f1de85bd10e57f13f172459a38cef0b9541384e4b117
Tags:elfGafgytMiraiuser-abuse_ch
Infos:

Detection

Score:64
Range:0 - 100

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Performs DNS TXT record lookups
Sample deletes itself
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Sample has stripped symbol table
Sleeps for long times indicative of sandbox evasion
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1641103
Start date and time:2025-03-18 03:02:43 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 24s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:sync.superh.elf
Detection:MAL
Classification:mal64.evad.linELF@0/0@15/0
Command:/tmp/sync.superh.elf
PID:5533
Exit Code:1
Exit Code Info:
Killed:False
Standard Output:
syncne
Standard Error:
  • system is lnxubuntu20
  • cleanup
No yara matches
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-18T03:03:28.075449+010020135141A Network Trojan was detected192.168.2.15467128.8.4.453UDP
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-18T03:04:44.096411+010028486071Malware Command and Control Activity Detected185.194.205.7961003192.168.2.1536866TCP
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-18T03:04:43.890584+010028486061Malware Command and Control Activity Detected192.168.2.1536866185.194.205.7961003TCP

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: sync.superh.elfVirustotal: Detection: 46%Perma Link
Source: sync.superh.elfReversingLabs: Detection: 41%

Networking

barindex
Source: Network trafficSuricata IDS: 2013514 - Severity 1 - ET MALWARE Potential DNS Command and Control via TXT queries : 192.168.2.15:46712 -> 8.8.4.4:53
Source: Network trafficSuricata IDS: 2848606 - Severity 1 - ETPRO MALWARE ELF/DarkNexus CnC Beacon Keep-Alive (Outbound) : 192.168.2.15:36866 -> 185.194.205.79:61003
Source: Network trafficSuricata IDS: 2848607 - Severity 1 - ETPRO MALWARE ELF/DarkNexus CnC Beacon Keep-Alive (Inbound) : 185.194.205.79:61003 -> 192.168.2.15:36866
Source: global trafficTCP traffic: 192.168.2.15:36866 -> 185.194.205.79:61003
Source: unknownDNS traffic detected: query: dnsresolve.socialgains.cf replaycode: Name error (3)
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownTCP traffic detected without corresponding DNS query: 185.194.205.79
Source: unknownUDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.0.0.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: dnsresolve.socialgains.cf
Source: ELF static info symbol of initial sample.symtab present: no
Source: classification engineClassification label: mal64.evad.linELF@0/0@15/0

Hooking and other Techniques for Hiding and Protection

barindex
Source: /tmp/sync.superh.elf (PID: 5533)File: /tmp/sync.superh.elfJump to behavior
Source: sync.superh.elfSubmission file: segment LOAD with 7.0048 entropy (max. 8.0)
Source: /tmp/sync.superh.elf (PID: 5537)Sleeps longer then 60s: 60.0sJump to behavior
Source: /tmp/sync.superh.elf (PID: 5537)Sleeps longer then 60s: 60.0sJump to behavior
Source: /tmp/sync.superh.elf (PID: 5533)Queries kernel information via 'uname': Jump to behavior
Source: sync.superh.elf, 5533.1.00007ffee67ac000.00007ffee67cd000.rw-.sdmpBinary or memory string: /usr/bin/qemu-sh4
Source: sync.superh.elf, 5533.1.0000557eba36d000.0000557eba3d0000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/sh4
Source: sync.superh.elf, 5533.1.00007ffee67ac000.00007ffee67cd000.rw-.sdmpBinary or memory string: (Ux86_64/usr/bin/qemu-sh4/tmp/sync.superh.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/sync.superh.elf
Source: sync.superh.elf, 5533.1.0000557eba36d000.0000557eba3d0000.rw-.sdmpBinary or memory string: ~U5!/etc/qemu-binfmt/sh4

HIPS / PFW / Operating System Protection Evasion

barindex
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
Source: TrafficDNS traffic detected: queries for: dnsresolve.socialgains.cf
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
Virtualization/Sandbox Evasion
OS Credential Dumping11
Security Software Discovery
Remote ServicesData from Local System1
Non-Standard Port
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Obfuscated Files or Information
LSASS Memory1
Virtualization/Sandbox Evasion
Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
File Deletion
Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
No configs have been found
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1641103 Sample: sync.superh.elf Startdate: 18/03/2025 Architecture: LINUX Score: 64 15 dnsresolve.socialgains.cf 2->15 17 185.194.205.79, 36866, 61003 HTSENSEFR France 2->17 19 Suricata IDS alerts for network traffic 2->19 21 Multi AV Scanner detection for submitted file 2->21 8 sync.superh.elf 2->8         started        signatures3 23 Performs DNS TXT record lookups 15->23 process4 signatures5 25 Sample deletes itself 8->25 11 sync.superh.elf 8->11         started        process6 process7 13 sync.superh.elf 11->13         started       

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
sync.superh.elf47%VirustotalBrowse
sync.superh.elf42%ReversingLabsLinux.Backdoor.Gafgyt
No Antivirus matches
No Antivirus matches
No Antivirus matches

Download Network PCAP: filteredfull

NameIPActiveMaliciousAntivirus DetectionReputation
dnsresolve.socialgains.cf
unknown
unknownfalse
    high
    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs
    IPDomainCountryFlagASNASN NameMalicious
    185.194.205.79
    unknownFrance
    204145HTSENSEFRtrue
    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    185.194.205.79sync.mipsel.elfGet hashmaliciousUnknownBrowse
      sync.arm5.elfGet hashmaliciousUnknownBrowse
        sync.arm4.elfGet hashmaliciousUnknownBrowse
          sync.x86_64.elfGet hashmaliciousUnknownBrowse
            sync.arm4.elfGet hashmaliciousUnknownBrowse
              sync.sh4.elfGet hashmaliciousUnknownBrowse
                sync.x86.elfGet hashmaliciousUnknownBrowse
                  sync.x86.elfGet hashmaliciousUnknownBrowse
                    sync.sh4.elfGet hashmaliciousUnknownBrowse
                      sync.arm5.elfGet hashmaliciousUnknownBrowse
                        No context
                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        HTSENSEFRsync.mipsel.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.arm5.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.arm4.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.x86_64.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.arm4.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.sh4.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.x86.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.x86.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.sh4.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        sync.arm5.elfGet hashmaliciousUnknownBrowse
                        • 185.194.205.79
                        No context
                        No context
                        No created / dropped files found
                        File type:ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, stripped
                        Entropy (8bit):6.947984700399778
                        TrID:
                        • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                        File name:sync.superh.elf
                        File size:51'840 bytes
                        MD5:1e6bc2b8d3808eb2c2964a63c3193672
                        SHA1:22b882d00bf3a4cd40e5d13c3a2df13b925faf8d
                        SHA256:84d718d39fa59f21e4d8f1de85bd10e57f13f172459a38cef0b9541384e4b117
                        SHA512:4f1a454348e695db3baa63cd16de07821740cfed67c71e2b89576cf6eb28aac69265ef9c7c2ecc9755a321384fab589702853670d6e05a45262274abe513b3ff
                        SSDEEP:1536:wCL8QXkX1HGTbNo1bGgXsZp4eMKYxV30O/ECRO4UlNt:xNXkX1HGTZo1bGgXsUKY4O/EyUlNt
                        TLSH:7B337C939C156E48C078E6F27570ABBAE763E8049A875FEA2953C22A9153DCDF0453F0
                        File Content Preview:.ELF..............*.......@.4...........4. ...(...............@...@...........................A...A.................Q.td............................././"O.n........#.*@........#.*@.....o&O.n...l..............................././.../.a"O.!...n...a.b("...q.

                        ELF header

                        Class:ELF32
                        Data:2's complement, little endian
                        Version:1 (current)
                        Machine:<unknown>
                        Version Number:0x1
                        Type:EXEC (Executable file)
                        OS/ABI:UNIX - System V
                        ABI Version:0
                        Entry Point Address:0x4001a0
                        Flags:0x9
                        ELF Header Size:52
                        Program Header Offset:52
                        Program Header Size:32
                        Number of Program Headers:3
                        Section Header Offset:51440
                        Section Header Size:40
                        Number of Section Headers:10
                        Header String Table Index:9
                        NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                        NULL0x00x00x00x00x0000
                        .initPROGBITS0x4000940x940x300x00x6AX004
                        .textPROGBITS0x4000e00xe00xa9000x00x6AX0032
                        .finiPROGBITS0x40a9e00xa9e00x240x00x6AX004
                        .rodataPROGBITS0x40aa040xaa040x1ab80x00x2A004
                        .ctorsPROGBITS0x41c4c00xc4c00x80x00x3WA004
                        .dtorsPROGBITS0x41c4c80xc4c80x80x00x3WA004
                        .dataPROGBITS0x41c4d40xc4d40x3dc0x00x3WA004
                        .bssNOBITS0x41c8b00xc8b00xa2ac0x00x3WA004
                        .shstrtabSTRTAB0x00xc8b00x3e0x00x0001
                        TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                        LOAD0x00x4000000x4000000xc4bc0xc4bc7.00480x5R E0x10000.init .text .fini .rodata
                        LOAD0xc4c00x41c4c00x41c4c00x3f00xa69c3.59630x6RW 0x10000.ctors .dtors .data .bss
                        GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

                        Download Network PCAP: filteredfull

                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                        2025-03-18T03:03:28.075449+01002013514ET MALWARE Potential DNS Command and Control via TXT queries1192.168.2.15467128.8.4.453UDP
                        2025-03-18T03:04:43.890584+01002848606ETPRO MALWARE ELF/DarkNexus CnC Beacon Keep-Alive (Outbound)1192.168.2.1536866185.194.205.7961003TCP
                        2025-03-18T03:04:44.096411+01002848607ETPRO MALWARE ELF/DarkNexus CnC Beacon Keep-Alive (Inbound)1185.194.205.7961003192.168.2.1536866TCP
                        • Total Packets: 20
                        • 61003 undefined
                        • 53 (DNS)
                        TimestampSource PortDest PortSource IPDest IP
                        Mar 18, 2025 03:03:43.832868099 CET3686661003192.168.2.15185.194.205.79
                        Mar 18, 2025 03:03:43.837853909 CET6100336866185.194.205.79192.168.2.15
                        Mar 18, 2025 03:03:43.837948084 CET3686661003192.168.2.15185.194.205.79
                        Mar 18, 2025 03:03:43.838330030 CET3686661003192.168.2.15185.194.205.79
                        Mar 18, 2025 03:03:43.843033075 CET6100336866185.194.205.79192.168.2.15
                        Mar 18, 2025 03:04:43.890583992 CET3686661003192.168.2.15185.194.205.79
                        Mar 18, 2025 03:04:43.897572994 CET6100336866185.194.205.79192.168.2.15
                        Mar 18, 2025 03:04:44.096410990 CET6100336866185.194.205.79192.168.2.15
                        Mar 18, 2025 03:04:44.096765995 CET3686661003192.168.2.15185.194.205.79
                        TimestampSource PortDest PortSource IPDest IP
                        Mar 18, 2025 03:03:28.075448990 CET4671253192.168.2.158.8.4.4
                        Mar 18, 2025 03:03:28.091342926 CET53467128.8.4.4192.168.2.15
                        Mar 18, 2025 03:03:29.112895012 CET4746753192.168.2.158.8.4.4
                        Mar 18, 2025 03:03:29.142254114 CET53474678.8.4.4192.168.2.15
                        Mar 18, 2025 03:03:30.144268036 CET4430653192.168.2.158.8.8.8
                        Mar 18, 2025 03:03:30.159394026 CET53443068.8.8.8192.168.2.15
                        Mar 18, 2025 03:03:31.161375999 CET4129753192.168.2.151.0.0.1
                        Mar 18, 2025 03:03:31.185874939 CET53412971.0.0.1192.168.2.15
                        Mar 18, 2025 03:03:32.187690020 CET4003453192.168.2.151.0.0.1
                        Mar 18, 2025 03:03:32.212577105 CET53400341.0.0.1192.168.2.15
                        Mar 18, 2025 03:03:33.214272022 CET4012353192.168.2.151.1.1.1
                        Mar 18, 2025 03:03:33.239882946 CET53401231.1.1.1192.168.2.15
                        Mar 18, 2025 03:03:34.241925001 CET5061953192.168.2.158.8.8.8
                        Mar 18, 2025 03:03:34.257919073 CET53506198.8.8.8192.168.2.15
                        Mar 18, 2025 03:03:35.259788990 CET3622253192.168.2.158.8.8.8
                        Mar 18, 2025 03:03:35.287849903 CET53362228.8.8.8192.168.2.15
                        Mar 18, 2025 03:03:36.289599895 CET5236853192.168.2.158.8.4.4
                        Mar 18, 2025 03:03:36.305670023 CET53523688.8.4.4192.168.2.15
                        Mar 18, 2025 03:03:37.307449102 CET3492453192.168.2.151.0.0.1
                        Mar 18, 2025 03:03:37.444371939 CET53349241.0.0.1192.168.2.15
                        Mar 18, 2025 03:03:38.446966887 CET4411653192.168.2.151.1.1.1
                        Mar 18, 2025 03:03:38.630707026 CET53441161.1.1.1192.168.2.15
                        Mar 18, 2025 03:03:39.632880926 CET3554553192.168.2.151.1.1.1
                        Mar 18, 2025 03:03:39.753577948 CET53355451.1.1.1192.168.2.15
                        Mar 18, 2025 03:03:40.755733013 CET5905053192.168.2.158.8.8.8
                        Mar 18, 2025 03:03:40.784111977 CET53590508.8.8.8192.168.2.15
                        Mar 18, 2025 03:03:41.786875963 CET4119953192.168.2.151.1.1.1
                        Mar 18, 2025 03:03:41.812110901 CET53411991.1.1.1192.168.2.15
                        Mar 18, 2025 03:03:42.815227985 CET5722253192.168.2.158.8.4.4
                        Mar 18, 2025 03:03:42.830040932 CET53572228.8.4.4192.168.2.15
                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                        Mar 18, 2025 03:03:28.075448990 CET192.168.2.158.8.4.40x6908Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:03:29.112895012 CET192.168.2.158.8.4.40x6908Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:03:30.144268036 CET192.168.2.158.8.8.80x6908Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:03:31.161375999 CET192.168.2.151.0.0.10x6908Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:03:32.187690020 CET192.168.2.151.0.0.10x6908Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:03:33.214272022 CET192.168.2.151.1.1.10x6908Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:03:34.241925001 CET192.168.2.158.8.8.80x6908Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:03:35.259788990 CET192.168.2.158.8.8.80x6908Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:03:36.289599895 CET192.168.2.158.8.4.40x6908Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:03:37.307449102 CET192.168.2.151.0.0.10x6908Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:03:38.446966887 CET192.168.2.151.1.1.10x6908Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:03:39.632880926 CET192.168.2.151.1.1.10x6908Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:03:40.755733013 CET192.168.2.158.8.8.80x6908Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:03:41.786875963 CET192.168.2.151.1.1.10x6908Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        Mar 18, 2025 03:03:42.815227985 CET192.168.2.158.8.4.40x6908Standard query (0)dnsresolve.socialgains.cf16IN (0x0001)false
                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                        Mar 18, 2025 03:03:28.091342926 CET8.8.4.4192.168.2.150x6908Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:03:29.142254114 CET8.8.4.4192.168.2.150x6908Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:03:30.159394026 CET8.8.8.8192.168.2.150x6908Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:03:31.185874939 CET1.0.0.1192.168.2.150x6908Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:03:32.212577105 CET1.0.0.1192.168.2.150x6908Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:03:33.239882946 CET1.1.1.1192.168.2.150x6908Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:03:34.257919073 CET8.8.8.8192.168.2.150x6908Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:03:35.287849903 CET8.8.8.8192.168.2.150x6908Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:03:36.305670023 CET8.8.4.4192.168.2.150x6908Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:03:37.444371939 CET1.0.0.1192.168.2.150x6908Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:03:38.630707026 CET1.1.1.1192.168.2.150x6908Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:03:39.753577948 CET1.1.1.1192.168.2.150x6908Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:03:40.784111977 CET8.8.8.8192.168.2.150x6908Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:03:41.812110901 CET1.1.1.1192.168.2.150x6908Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false
                        Mar 18, 2025 03:03:42.830040932 CET8.8.4.4192.168.2.150x6908Name error (3)dnsresolve.socialgains.cfnonenone16IN (0x0001)false

                        System Behavior

                        Start time (UTC):02:03:27
                        Start date (UTC):18/03/2025
                        Path:/tmp/sync.superh.elf
                        Arguments:/tmp/sync.superh.elf
                        File size:4139976 bytes
                        MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                        Start time (UTC):02:03:27
                        Start date (UTC):18/03/2025
                        Path:/tmp/sync.superh.elf
                        Arguments:-
                        File size:4139976 bytes
                        MD5 hash:8943e5f8f8c280467b4472c15ae93ba9

                        Start time (UTC):02:03:27
                        Start date (UTC):18/03/2025
                        Path:/tmp/sync.superh.elf
                        Arguments:-
                        File size:4139976 bytes
                        MD5 hash:8943e5f8f8c280467b4472c15ae93ba9